
Re: SASL authentication - please help



On Fri, 24 Aug 2001, Leo Cyr wrote:

> I've asked this question in three different posts -- will someone just
> point myself and the rest of the list to SOME info on replication
> using sasl?  Please?
>

http://www.software-munitions.com/openl.html


> I too have read the mail archives, the faq, and administrators guide
> and I have found little info -- for me not enough to make it work.
> Please point us to some documentation that will shed some light.
>
> If there is not already a polished document describing this I
> volunteer my time to write one if I can get some help in making it
> work.
>
> Someone, anyone?
>
> TIA
>
> On Fri, 24 Aug 2001, Tarjei Huse wrote:
>
> > Have you created a saslpasswd file? E.g.:
> > ./saslpasswd cyrus
> > ?
> > You must have done this to let OL check for mechanisms.
> >
> > >
> > > After 25 hours of work on installing OpenLDAP 2.0.11 with SASL, I'm
> > writing
> > > to you for help.  I realize this is one of the most commonly asked
> > questions
> > > on the list. I have already reviewed the 518 posts that are in the list
> > > archive (search for "SASL;2001") and have not found my answer.  However, I
> > > have printed out and followed the instructions in those that seemed most
> > > promising.  I have also reviewed the man pages, the systems administrators
> > > guide, an "Exchange Server Replacement How-To", and a "LDAP v3 How-To" by
> > > Turbo Fredrikson.
> > >
> > > I would like to use SASL to encrypt the username & password used in
> > > replication.  I don't mind if the rest of the replication traffic goes
> > plain
> > > text over the wire - user passwords aren't being stored on the LDAP
> > server.
> > > I don't see any need to install Kerberos.  You'll note in the installation
> > > instructions, I specifically mention OpenSSL - I don't believe this is
> > > required to use SASL but I've installed it "just in case".
> > >
> > > My most recent attempt was working on a clean install on a blank hard
> > drive.
> > > I would like to present you with the problem, and with the steps I have
> > taken
> > > to install the relevant software.  These steps are being written as part
> > of
> > > an installation guide for a project I am working on.  So that you know,
> > > OpenLDAP, OpenSSL, and Cyrus SASL are all compiled from the most recent
> > > source versions.  As well, I confirmed that SASL was working using the
> > > sample-server and sample-client programs.  The 'make test' for OpenLDAP
> > > completed without error.
> > >
> > > I am doing this in the hopes that someone who has successfully configured
> > > OpenLDAP with SASL will email me with a solution, or some direction to
> > take.
> > > I have followed what few instructions that I have found to the best of my
> > > abilities.
> > >
> > > Note: this is a long email.  If you feel like skipping down to the next
> > > section, use your find command and look for ---
> > >
> > > ---The problem, as seen from the client machine---
> > >
> > > [root@server /root]# ldapsearch -x -b "" -s base -LLL supportedSASLMechanisms
> > > dn:
> > >
> > > [root@server /root]# ldapsearch -d 2
> > > ber_flush: 64 bytes to sd 3
> > >   0000:  30 3e 02 01 01 63 39 04  00 0a 01 00 0a 01 00 02
> > 0>...c9.........
> > >   0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74
> > ..........object
> > >   0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74
> > class0...support
> > >   0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73
> > edSASLMechanisms
> > > ldap_write: want=64, written=64
> > >   0000:  30 3e 02 01 01 63 39 04  00 0a 01 00 0a 01 00 02
> > 0>...c9.........
> > >   0010:  01 00 02 01 00 01 01 00  87 0b 6f 62 6a 65 63 74
> > ..........object
> > >   0020:  63 6c 61 73 73 30 19 04  17 73 75 70 70 6f 72 74
> > class0...support
> > >   0030:  65 64 53 41 53 4c 4d 65  63 68 61 6e 69 73 6d 73
> > edSASLMechanisms
> > > ldap_read: want=1, got=1
> > >   0000:  30                                                 0
> > > ldap_read: want=1, got=1
> > >   0000:  09                                                 .
> > > ldap_read: want=9, got=9
> > >   0000:  02 01 01 64 04 04 00 30  00                        ...d...0.
> > > ldap_read: want=1, got=1
> > >   0000:  30                                                 0
> > > ldap_read: want=1, got=1
> > >   0000:  0c                                                 .
> > > ldap_read: want=12, got=12
> > >   0000:  02 01 01 65 07 0a 01 00  04 00 04 00               ...e........
> > > request 1 done
> > > ldap_sasl_interactive_bind_s: No such attribute
> > >
> > > ---The problem, as seen from the primary LDAP server---
> > >
> > > [root@ldap openldap]# /usr/local/libexec/slurpd -d 255
> > > Config: opening config file "/usr/local/etc/openldap/slapd.conf"
> > > Config: (include
> > /usr/local/etc/openldap/schema/core.schema)
> > > Config: (include
> > /usr/local/etc/openldap/schema/cosine.schema)
> > > Config: (include
> > > /usr/local/etc/openldap/schema/inetorgperson.schema)
> > > Config: (include
> > /usr/local/etc/openldap/schema/local.schema)
> > > Config: (pidfile                /usr/local/var/slapd.pid)
> > > Config: (argsfile       /usr/local/var/slapd.args)
> > > Config: (loglevel 0)
> > > Config: (idletimeout 30)
> > > Config: (sizelimit 100)
> > > Config: (timelimit 120)
> > > Config: (defaultsearchbase "dc=company,dc=com")
> > > Config: (schemacheck on)
> > > Config: (database       ldbm)
> > > Config: (replica host=server.company.com:389 binddn="cn=LDAProot,dc=company,dc=com" bindmethod=sasl saslmech=DIGEST-MD5 authcID="server.company.com" realm=server.company.com credentials="c19vffxx")
> > > Config: ** successfully added replica "server.company.com:389"
> > > Config: (replogfile     /usr/local/etc/openldap/replog/replog.log)
> > > Config: (lastmod                off)
> > > Config: (suffix         "dc=company,dc=com")
> > > Config: (rootdn         "cn=LDAProot,dc=company,dc=com")
> > > Config: (rootpw         {crypt}SAf0p11tbz3MQ)
> > > Config: (directory      /usr/local/var/openldap-ldbm)
> > > Config: (index  objectClass                             eq,pres)
> > > Config: (index  uid                                     eq)
> > > Config: (index  cn                                      eq,sub)
> > > Config: (index  mail                                    eq,pres,sub)
> > > Config: (index  givenName                               eq,sub)
> > > Config: (index  sn                                      eq,sub)
> > > Config: (index  o                                       eq,sub)
> > > Config: (access to attr=userPassword    by dn="cn=LDAPRoot, dc=company,
> > > dc=com" write    by * none)
> > > Config: (access to *    by anonymous read       by dn="cn=LDAPRoot,
> > > dc=company, dc=com" write)
> > > Config: (dbnolocking)
> > > Config: (dbnosync)
> > > Config: (cachesize 10000)
> > > Config: (dbcachesize 100000)
> > > Config: ** configuration file successfully read and parsed
> > > Retrieved state information for server.company.com:389 (timestamp
> > 997309400.0)
> > > begin replication thread for server.company.com:389
> > > Replica server.company.com:389, skip repl record for
> > > uid=Roman_Gebhart,ou=Distributors,dc=company,dc=com (old)
> > > Initializing session to server.company.com:389
> > > ldap_create
> > > bind to server.company.com as server.company.com via DIGEST-MD5 (SASL)
> > > ldap_interactive_sasl_bind_s: user selected: DIGEST-MD5
> > > ldap_int_sasl_bind: DIGEST-MD5
> > > ldap_new_connection
> > > ldap_int_open_connection
> > > ldap_connect_to_host
> > > ldap_new_socket: 6
> > > ldap_prepare_socket: 6
> > > ldap_connect_to_host: Trying 192.168.1.2:389
> > > ldap_connect_timeout: fd: 6 tm: -1 async: 0
> > > ldap_ndelay_on: 6
> > > ldap_is_sock_ready: 6
> > > ldap_ndelay_off: 6
> > > ldap_int_sasl_open: server.company.com
> > > ldap_sasl_bind_s
> > > ldap_sasl_bind
> > > ldap_send_initial_request
> > > ldap_send_server_request
> > > ber_flush: 54 bytes to sd 6
> > >   0000:  30 34 02 01 01 60 2f 02  01 03 04 1c 63 6e 3d 4c
> > 04...`/.....cn=L
> > >   0010:  44 41 50 72 6f 6f 74 2c  64 63 3d 73 61 66 65 63
> > DAProot,dc=compan
> > >   0020:  6f 2c 64 63 3d 63 6f 6d  a3 0c 04 0a 44 49 47 45
> > y,dc=com....DIGE
> > >   0030:  53 54 2d 4d 44 35                                  ST-MD5
> > > ldap_write: want=54, written=54
> > >   0000:  30 34 02 01 01 60 2f 02  01 03 04 1c 63 6e 3d 4c
> > 04...`/.....cn=L
> > >   0010:  44 41 50 72 6f 6f 74 2c  64 63 3d 73 61 66 65 63
> > DAProot,dc=compan
> > >   0020:  6f 2c 64 63 3d 63 6f 6d  a3 0c 04 0a 44 49 47 45
> > y,dc=com....DIGE
> > >   0030:  53 54 2d 4d 44 35                                  ST-MD5
> > > ldap_result msgid 1
> > > ldap_chkResponseList for msgid=1, all=1
> > > ldap_chkResponseList returns NULL
> > > wait4msg (infinite timeout), msgid 1
> > > wait4msg continue, msgid 1, all 1
> > > ** Connections:
> > > * host: server.company.com  port: 389  (default)
> > >   refcnt: 2  status: Connected
> > >   last used: Thu Aug 23 12:31:48 2001
> > >
> > > ** Outstanding Requests:
> > >  * msgid 1,  origid 1, status InProgress
> > >    outstanding referrals 0, parent count 0
> > > ** Response Queue:
> > >    Empty
> > > ldap_chkResponseList for msgid=1, all=1
> > > ldap_chkResponseList returns NULL
> > > do_ldap_select
> > > read1msg: msgid 1, all 1
> > > ber_get_next
> > > ldap_read: want=1, got=1
> > >   0000:  30                                                 0
> > > ldap_read: want=1, got=1
> > >   0000:  0c                                                 .
> > > ldap_read: want=12, got=12
> > >   0000:  02 01 01 61 07 0a 01 07  04 00 04 00               ...a........
> > > ber_get_next: tag 0x30 len 12 contents:
> > > ber_dump: buf=0x0807f120 ptr=0x0807f120 end=0x0807f12c len=12
> > >   0000:  02 01 01 61 07 0a 01 07  04 00 04 00               ...a........
> > > ldap_read: message type bind msgid 1, original id 1
> > > ber_scanf fmt ({iaa) ber:
> > > ber_dump: buf=0x0807f120 ptr=0x0807f123 end=0x0807f12c len=9
> > >   0000:  61 07 0a 01 07 04 00 04  00                        a........
> > > read1msg:  0 new referrals
> > > read1msg:  mark request completed, id = 1
> > > request 1 done
> > > res_errno: 0, res_error: <>, res_matched: <>
> > > ldap_free_request (origid 1, msgid 1)
> > > ldap_free_connection
> > > ldap_free_connection: refcnt 1
> > > ldap_parse_sasl_bind_result
> > > ber_scanf fmt ({iaa) ber:
> > > ber_dump: buf=0x0807f120 ptr=0x0807f123 end=0x0807f12c len=9
> > >   0000:  61 07 0a 01 07 04 00 04  00                        a........
> > > ldap_msgfree
> > > ldap_err2string
> > > Error: LDAP SASL for server.company.com:389 failed: Authentication method not supported
> > > ldap_unbind
> > > ldap_free_connection
> > > ldap_send_unbind
> > > ber_flush: 7 bytes to sd 6
> > >   0000:  30 05 02 01 02 42 00                               0....B.
> > > ldap_write: want=7, written=7
> > >   0000:  30 05 02 01 02 42 00                               0....B.
> > > ldap_free_connection: actually freed
> > > fm: exiting
> > > Retrying operation for DN uid=roman_g,ou=Distributors,dc=company,dc=com on
> > > replica server.company.com:389
> > > end replication thread for server.company.com:389
> > > slurpd: terminated.
> > >
> > > --- Steps to Reproduce ---
> > >
> > > 1.To begin, insert Red Hat Linux CD 1 in the CD-ROM drive.  Turn off the
> > > computer and turn it on again.
> > > 2."Welcome to Red Hat Linux 7.1" will appear on screen.  Press the ENTER
> > key.
> > > 3.Debugging information will appear on screen.  The screen will briefly
> > turn
> > > blue, and then additional debugging information will appear.  Wait for the
> > > Red Hat logo to appear on screen.
> > > 4.In Language Selection, confirm that "English" is selected and press
> > Next.
> > > 5.In Keyboard Configuration, confirm that "Generic 105-key (Intl) PC" is
> > > selected. Confirm that U.S. English is selected.  Select "Disable dead
> > keys."
> > >  Press Next.
> > > 6.In Mouse Configuration, select "2 Button Mouse (PS/2)".  Select "Emulate
> > 3
> > > buttons".  Press next.
> > > 7.On the Welcome to Red Hat Linux screen, press Next.
> > > 8.In Install Options, select "Server System".
> > > 9.In Disk Partitioning, select "Manually partition with Disk Druid" and
> > press
> > > Next
> > > 10.Using the mouse, delete any existing partitions.  Using the Add button,
> > > add the following partitions:
> > > Mount point: (Not set) Size = 2x Physical RAM in server. Partition Type:
> > > Linux Swap.
> > > Mount point: /var Size = 650 Partition Type: Linux Native
> > > Mount point: / Use remaining space - checked.  Partition Type: Linux
> > Native.
> > > 11.In Choose Partitions to Format select all partitions.  As well, select
> > > "Check for bad blocks while formatting".
> > > 12.In Network Configuration, select the eth0 tab.  Clear "Configure using
> > > DHCP."   Type in the appropriate values for IP address, NetMask, Network,
> > > Broadcast, Hostname, Gateway, and the DNS servers.  If there are multiple
> > > NICs in the server, select the eth1, eth2, etc. tabs and set appropriate
> > > values.
> > > 13.In Firewall Configuration, select "No Firewall".  Later in this guide,
> > the
> > > Bastille Firewall will be installed. Detailed instructions for how to
> > > configure this firewall are provided in the Red Hat Linux Configuration
> > > Guide.  Press Next.
> > > 14.In Language Support Selection, confirm that "English (USA)" is
> > selected.
> > > Press Next.
> > > 15.In Time Zone Selection, select "America/Vancouver".  Press Next.
> > > 16.In Account Configuration, type the Root Password in "Root Password" and
> > in
> > > "Confirm".  Add a second account admin with the following properties:
> > > Account Name: admin
> > > Password: (your password)
> > > Password (confirm): (your password)
> > > Full Name: administrative user
> > > Press "Add" to add the new account.  Do not add additional accounts at
> > this
> > > time.
> > > 17.In Selecting Package Groups, confirm that all packages are cleared.
> > > Select "Select individual packages", and press Next.
> > > 18.The next screen will be titled "Individual Package Selection".  A
> > > tree-view of available package categories will appear on the left side of
> > the
> > > screen, while individual packages appear on the right.
> > > Applications - Communications: press "Unselect all in group".
> > > Applications - Editors: press "Unselect all in group".
> > > Applications - Internet: clear "elm", "fetchmail", "finger", "ftp", "im",
> > > "metamail", "ncftp", "nmh", "pine", "rsh", "rsync", "slrn", "talk", and
> > > "telnet".
> > > Applications - Publishing: clear "ghostscript" and "ghostscript-fonts".
> > > Applications - System: clear "isdn4k-utils".  Select "linuxconf" and
> > > "mtools".  Clear "rdist".  Select "samba-client" and "samba-common".
> > > Development - Libraries - clear openssl-devel
> > > System Environment - Base: clear "chkfontpath".
> > > System Environment - Daemons: clear "LPRng", "XFree86-xfs", "anonftp",
> > > "finger server", "inews", "ppp", "printconf", "rp-ppoe", "rsh-server",
> > > "rusers", "rusers-server", "rwall", "rwall-server", "rwho", "talk-server",
> > > "telnet-server", "wu-ftpd", and "wvdial".
> > > System Environment - Kernel: select "kernel-enterprise".
> > > System Environment - Libraries: clear "VFlib2"
> > > User Environment - X: clear "urw-fonts" and "xtt-fonts".
> > > 17.Press Next.
> > > 18.In About to Install, press Next.
> > > 19.In Installing Packages, the file system will be formatted.  Packages
> > will
> > > be copied to the hard disk.  When prompted, insert Red Hat Linux Disk Two
> > > into the CD-ROM drive and press Ok.
> > > 20.In Boot Disk Creation, insert a blank floppy disk into the floppy drive
> > > and press Next.  The boot disk will be created.
> > > 21.In Congratulations, remove the floppy disk from the drive.  Label this
> > > "BOOT FLOPPY" and do not lose it.  Press Exit.
> > > 22.The system will shut down and the CD-ROM will eject.  IMMEDIATELY
> > remove
> > > the CD-ROM from the drive.
> > > 23.Lilo will show.  You do not need to press Enter for Linux to boot.
> > > 24.Linux boot messages will show.  Services will start, and network
> > > interfaces will start. When "Red Hat Linux release 7.1 (Seawolf)" appears
> > on
> > > screen, you may continue.
> > > Updating Linux with post-release fixes
> > > 25.Log in as root.
> > > 26.Insert the Project CD-ROM into the CD-ROM drive.
> > > 27.Mount the CD-ROM by typing mount /mnt/cdrom
> > > 28.Switch to the updates folder of the CD-ROM by typing cd /mnt/cdrom/updates
> > > 29.Type rpm -Uvh gcc/libstdc++-2.96-85.i386.rpm
> > > gcc/libstdc++-devel-2.96-85.i386.rpm and press Enter.
> > > 30.Type rpm -Uvh gnupg/gnupg-1.0.6-1.i386.rpm and press Enter.
> > > 31.Type rpm -Uvh mount/losetup-2.11b-3.i386.rpm mount/mount-2.11b-3.i386.rpm
> > > and press Enter.
> > > 32.Type  rpm -Uvh xinetd/xinetd-2.3.0-1.71.i386.rpm and press Enter.
> > > 33.Type cat /etc/lilo.conf and look for the section that starts with
> > > image=/boot/vmlinuz-2.4.2-2 . This indicates which hard disk partition
> > Linux
> > > is installed on.  Make a note of the line that begins with root= .  For
> > > example, root=/dev/hda2 .
> > > 34.Type rpm -ivh kernel/i686/kernel-enterprise-2.4.3-12.i686.rpm and press
> > > Enter.
> > > 35.Type vi /etc/lilo.conf and press Enter.
> > > 36.Move the cursor down to the end of the file and press a.  Type the
> > > following lines below, replacing /dev/hdaXX with the value you determined
> > in
> > > step 33.
> > > image = /boot/vmlinuz-2.4.3-12
> > >   label = linux
> > >   root = /dev/hdaXX
> > > 37.Find the section that begins with  image=/boot/vmlinuz-2.4.2-2 . Move
> > the
> > > cursor down to the line that says label = linux .  Modify this line to
> > read
> > > label = linux.old .
> > > 38.Press the Escape key, type :w and press Enter.  Type :q and press
> > Enter.
> > > 39.Type lilo -v and press Enter.
> > > 40.Type cd and press Enter.
> > > 41.Type umount /mnt/cdrom and press Enter.  You do not need to remove the
> > > CD-ROM from the CD-ROM drive.
> > > 42.Type cd and press Enter.
> > > 43.Type source .bash_profile and press Enter.
> > > 44.Type shutdown now -r and press Enter.  The server will reboot.
> > > 45.The Lilo screen will be shown with two choices - linux and linux old.
> > You
> > > do not need to press Enter for the boot sequence to continue.
> > > 46.Once again, log in as root.
> > > 47.Type mkbootdisk --device /dev/fd0 2.4.3-12 and press Enter.  Press
> > Enter a
> > > second time.  This updates the boot disk with information about the new
> > > kernel.  Label this disk as (servername) Boot Disk
> > > Installing Bastille
> > > 48.Mount the CD-ROM with the command mount /mnt/cdrom .  Press Enter.
> > > 49.Type cd /mnt/cdrom/Bastille/ and press Enter.
> > > 50.Type rpm --nodeps -ivh perl-Curses-1.05-2mdk.i586.rpm and press Enter.
> > > 51.Type rpm -ivh Bastille-1.2.0-1.1mdk.noarch.rpm
> > > Bastille-Curses-module-1.2.0-1.1mdk.noarch.rpm and press Enter.
> > > Compiling & Installing OpenSSL libraries
> > > 52.Type cp /mnt/cdrom/openssl/openssl-0.9.6b.tar.gz /usr/src and press
> > Enter.
> > > 53.Type cd /usr/src and press Enter.
> > > 54.Type tar -xzvf openssl-0.9.6b.tar.gz  and press Enter.
> > > 55.Type cd openssl-0.9.6b and press Enter.
> > > 56.Type ./config --prefix=/usr --openssldir=/usr/lib/ssl and press Enter.
> > > 57.Type make -f Makefile.ssl all and press Enter.
> > > 58.Type make -f Makefile.ssl install and press Enter.
> > > Compiling & Installing Cyrus SASL libraries
> > > 59.Type cp /mnt/cdrom/cyrus/cyrus-sasl-1.5.24.tar.gz /usr/src and press
> > Enter.
> > > 60.Type cd and press Enter.
> > > 61.Type umount /mnt/cdrom and press Enter.  You should eject the CD-ROM
> > from
> > > the CD-ROM drive.
> > > 62.Type cd /usr/src and press Enter.
> > > 63.Type tar -xzvf cyrus-sasl-1.5.24.tar.gz and press Enter.
> > > 64.Type cd cyrus-sasl-1.5.24 and press Enter.
> > > 65.Type ./configure --enable-plain --disable-krb4 and press Enter.
> > > 66.Type make and press Enter.
> > > 67.Type make install and press Enter.
> > > 68.Type ln /usr/lib/sasl /usr/local/lib/sasl -d and press Enter.
> > > 19.Type linuxconf and press Enter.
> > > 20.A welcome screen will appear.  Press Quit (this is not intuitive).
> > > 21.Using the cursor keys, select Config - Networking - Client Tasks and
> > press
> > > Enter.  Select Host Name and IP Network Devices and press Enter.
> > > 22.In the "Host Name and Domain" field, input the appropriate server host
> > > name (if it's not already there).
> > > 23.Press Accept (use either the mouse or the tab key).
> > > 24.Press Dismiss.
> > > 25.Press Quit.  When prompted, press Do It.
> > > 69.Type saslpasswd -c LDAProot and press Enter.  When prompted, enter the
> > > password for LDAProot and press Enter.
> > > 70.Type sasldblistusers and press Enter.  The output should be as follows:
> > > user: LDAProot realm: server.company.com mech: DIGEST-MD5
> > > user: LDAProot realm: server.company.com mech: PLAIN
> > > user: LDAProot realm: server.company.com mech: CRAM-MD5
> > > (where server should be equal to the server name).
> > > Compiling & Installing OpenLDAP
> > > 71.Type cd ../OpenLDAP and press Enter.
> > > 72.Type cp openldap-stable-20010524.tgz /usr/src and press Enter.
> > > 73.Type cd /usr/src and press Enter.
> > > 74.Type tar -xzvf openldap-stable-20010524.tgz and press Enter.
> > > 75.Type cd openldap-2.0.11/ and press Enter.
> > > 76.Type ./configure --with-cyrus-sasl --enable-spasswd and press Enter.
> > > 77.The last line of the output should read Please "make depend" to build
> > > dependencies.
> > > 78.Type make depend and press Enter.
> > > 79.Type make and press Enter.
> > > 80.Type make test and press Enter.  This verifies that the software has
> > > compiled correctly.
> > > 81.Type make install and press Enter.
> > >
> > > ---The contents of slapd.conf---
> > >
> > > Please note: this is the slapd.conf from the backup LDAP server.  The
> > primary
> > > LDAP server has the "replica host" lines uncommented, and the "updatedn" /
> > > "updateref" lines commented out.
> > >
> > >
> > > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
> > > #
> > > # See slapd.conf(5) for details on configuration options.
> > > # This file should NOT be world readable.
> > > #
> > >
> > > sasl-host server.company.com
> > > sasl-realm company.COM
> > >
> > > include /usr/local/etc/openldap/schema/core.schema
> > > include /usr/local/etc/openldap/schema/cosine.schema
> > > include /usr/local/etc/openldap/schema/inetorgperson.schema
> > > include /usr/local/etc/openldap/schema/local.schema
> > >
> > > # Define global ACLs to disable default read access.
> > >
> > > # Do not enable referrals until AFTER you have a working directory
> > > # service AND an understanding of referrals.
> > > #referral ldap://root.openldap.org
> > >
> > > pidfile /usr/local/var/slapd.pid
> > > argsfile /usr/local/var/slapd.args
> > >
> > > # Load dynamic backend modules:
> > > # modulepath /usr/local/libexec/openldap
> > > # moduleload back_ldap.la
> > > # moduleload back_ldbm.la
> > > # moduleload back_passwd.la
> > > # moduleload back_shell.la
> > >
> > > #LDAP_Version_3
> > > loglevel 0
> > > idletimeout 30
> > > sizelimit 100
> > > timelimit 120
> > > defaultsearchbase "dc=company,dc=com"
> > > schemacheck on
> > >
> > > #######################################################################
> > > # ldbm database definitions
> > > #######################################################################
> > >
> > > database ldbm
> > > ## REPLICATION OPTIONS
> > > #replica host=server.company.com:389
> > > # bindmethod=simple
> > > # binddn="cn=LDAProot,dc=company,dc=com"
> > > # credentials=password
> > > updatedn "cn=LDAProot,dc=company,dc=com"
> > > updateref "ldap://ldap.company.com"
> > >
> > > replogfile /usr/local/etc/openldap/replog/replog.log
> > > lastmod off
> > >
> > > suffix "dc=company,dc=com"
> > > rootdn "cn=LDAProot,dc=company,dc=com"
> > > # Cleartext passwords, especially for the rootdn, should
> > > # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> > > # Use of strong authentication encouraged.
> > > rootpw {SASL}LDAProot
> > > # The database directory MUST exist prior to running slapd AND
> > > # should only be accessible by the slapd/tools. Mode 700 recommended.
> > > directory /usr/local/var/openldap-ldbm
> > > # Indices to maintain
> > >
> > > index objectClass eq,pres
> > > index uid eq
> > >
> > > index cn eq,sub
> > > index mail eq,pres,sub
> > > index givenName eq,sub
> > > index sn eq,sub
> > > index o eq,sub
> > >
> > > #ldbm access control definitions
> > > access to attr=userPassword
> > > by dn="cn=LDAPRoot, dc=company, dc=com" write
> > > by * none
> > >
> > > access to *
> > > by anonymous read
> > > by dn="cn=LDAPRoot, dc=company, dc=com" write
> > >
> > > dbnolocking
> > > dbnosync
> > > cachesize 10000
> > > dbcachesize 100000
> > >
> > >
> > > I look forward to any responses.
> > >
> > >
> > > Kayne McGladrey
> > > k.mcgladrey@worldnet.att.net
> > >
> > >
> >
> >
> >
>
> --
> Leo Edmiston-Cyr
> Network Administrator, PennsWoods.net
> http://www.pennswoods.net
> 814-624-2424 ext. 510
>
>
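As an added example (not from this thread, OpenLDAP or Cyrus SASL), here is a small BER decoder for the three LDAP response messages in the traces above, reassembled from their ldap_read lines; the rootDSE entry that advertises mechanisms is constructed for contrast, and the tag and result-code values are the standard LDAPv3 ones.

```python
"""Decode the BER-encoded LDAP messages captured in the ldapsearch and slurpd traces."""

# Reassembled from the ldap_read lines in the post (tag byte, length byte, body).
# None of these three messages carries identifying data.
SEARCH_ENTRY = bytes.fromhex("3009020101640404003000")    # searchResEntry, msgid 1
SEARCH_DONE = bytes.fromhex("300c02010165070a010004000400")  # searchResDone, msgid 1
BIND_RESPONSE = bytes.fromhex("300c02010161070a010704000400")  # bindResponse, msgid 1

# LDAPResult resultCode values (RFC 2251 / RFC 4511) relevant to SASL binds.
RESULT_CODES = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                14: "saslBindInProgress", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights"}
# protocolOp application tags: [APPLICATION n] constructed => 0x60 + n
OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x63: "searchRequest",
       0x64: "searchResEntry", 0x65: "searchResDone"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = octet count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def read_seq(buf):
    """Split a SEQUENCE/SET body into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out


def decode_ldap_message(raw):
    """Decode one LDAPMessage into a dict; handles the ops seen in the traces."""
    tag, body, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    (_, msgid), (op_tag, op_val) = read_seq(body)[:2]
    msg = {"messageID": int.from_bytes(msgid, "big"), "op": OPS.get(op_tag, hex(op_tag))}
    elems = read_seq(op_val)
    if op_tag in (0x61, 0x65):              # LDAPResult: code, matchedDN, errorMessage
        code = int.from_bytes(elems[0][1], "big")
        msg.update(resultCode=code, result=RESULT_CODES.get(code, "other"),
                   matchedDN=elems[1][1].decode(), errorMessage=elems[2][1].decode())
        # [7] serverSaslCreds (tag 0x87) appears only when the server answers a
        # SASL step with a challenge; its absence means no exchange ever started.
        msg["serverSaslCreds"] = any(t == 0x87 for t, _ in elems[3:])
    elif op_tag == 0x64:                    # SearchResultEntry: objectName, attributes
        msg["objectName"] = elems[0][1].decode()
        attrs = {}
        for _, attr in read_seq(elems[1][1]):
            (_, atype), (_, vals) = read_seq(attr)
            attrs[atype.decode()] = [v.decode() for _, v in read_seq(vals)]
        msg["attributes"] = attrs
    return msg


def tlv(tag, value):
    """Encode one short-form BER TLV (values shorter than 128 bytes suffice here)."""
    return bytes([tag, len(value)]) + value


def rootdse_entry(mechs):
    """Constructed (not from the post): the rootDSE entry a server that does
    advertise SASL mechanisms would return for the same ldapsearch."""
    vals = b"".join(tlv(0x04, m.encode()) for m in mechs)
    attr = tlv(0x30, tlv(0x04, b"supportedSASLMechanisms") + tlv(0x31, vals))
    entry = tlv(0x64, tlv(0x04, b"") + tlv(0x30, attr))
    return tlv(0x30, tlv(0x02, b"\x01") + entry)


if __name__ == "__main__":
    for raw in (SEARCH_ENTRY, SEARCH_DONE, BIND_RESPONSE, rootdse_entry(["DIGEST-MD5"])):
        print(decode_ldap_message(raw))
```

Decoded, the client's rootDSE entry comes back with no attributes at all and slurpd's bindResponse carries resultCode 7 (authMethodNotSupported) with no serverSaslCreds, so both traces say the same thing: the server never offered a SASL mechanism to negotiate.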